From 66483c89acad6c4160c2262f8b703052302c9a4a Mon Sep 17 00:00:00 2001 
From: Danilo Reyes Date: Mon, 23 Mar 2026 15:49:51 -0600 Subject: [PATCH] code rules --- config/base.nix | 12 ++-- config/derek.nix | 26 ++++--- config/home-manager.nix | 42 +++++------ config/stylix.nix | 16 ++--- dotfiles/gallery-dl.nix | 58 +++++++-------- environments/cinnamon.nix | 12 ++-- environments/gnome.nix | 10 +-- environments/hyprland-home.nix | 38 +++++----- environments/hyprland.nix | 14 ++-- flake.nix | 20 +++--- hosts/emacs/configuration.nix | 14 ++-- hosts/mac/home.nix | 8 ++- hosts/miniserver/configuration.nix | 20 +++--- hosts/miniserver/hardware-configuration.nix | 18 ++--- hosts/miniserver/toggles.nix | 16 ++--- hosts/server/configuration.nix | 58 +++++++-------- hosts/server/hardware-configuration.nix | 24 +++---- hosts/server/toggles.nix | 24 +++---- hosts/vps/configuration.nix | 38 +++++----- hosts/vps/toggles.nix | 8 +-- hosts/workstation/configuration.nix | 48 +++++++------ hosts/workstation/hardware-configuration.nix | 6 +- hosts/workstation/toggles.nix | 16 ++--- modules/apps/art.nix | 2 +- modules/apps/gaming.nix | 24 +++---- modules/apps/internet/home.nix | 14 ++-- modules/dev/cc/nixos.nix | 10 +-- modules/dev/docker/home.nix | 6 +- modules/dev/docker/nixos.nix | 10 +-- modules/dev/emacs/home.nix | 2 +- modules/dev/emacs/portable.nix | 8 +-- modules/dev/go/home.nix | 6 +- modules/dev/go/nixos.nix | 10 +-- modules/dev/haskell/home.nix | 12 ++-- modules/dev/haskell/nixos.nix | 10 +-- modules/dev/javascript/common.nix | 8 +-- modules/dev/javascript/nixos.nix | 10 +-- modules/dev/julia/nixos.nix | 10 +-- modules/dev/mcp/nixos.nix | 10 +-- modules/dev/nix/nixos.nix | 10 +-- modules/dev/python/nixos.nix | 8 +-- modules/dev/ruby/home.nix | 12 ++-- modules/dev/ruby/nixos.nix | 10 +-- modules/dev/rust/home.nix | 6 +- modules/dev/rust/nixos.nix | 10 +-- modules/dev/sh/nixos.nix | 10 +-- modules/dev/zig/nixos.nix | 10 +-- modules/factories/mkscript.nix | 74 ++++++++++---------- modules/modules.nix | 12 ++-- modules/nix/build.nix | 6 +- 
modules/scripts/download/home.nix | 2 +- modules/servers/drpp.nix | 8 +-- modules/servers/flame.nix | 4 +- modules/servers/gitea.nix | 2 +- modules/servers/homepage/service-widgets.nix | 8 +-- modules/servers/homepage/widgets.nix | 4 +- modules/servers/jellyfin.nix | 4 +- modules/servers/lidarr.nix | 10 +-- modules/servers/maloja.nix | 2 +- modules/servers/multi-scrobbler.nix | 2 +- modules/servers/nextcloud.nix | 26 +++---- modules/servers/qbittorrent.nix | 20 +++--- modules/servers/ryot.nix | 2 +- modules/servers/synapse.nix | 8 ++- modules/servers/synctube.nix | 2 +- modules/servers/yamtrack.nix | 2 +- modules/services/network.nix | 24 +++---- modules/services/nvidia.nix | 6 +- modules/services/sound.nix | 6 +- modules/services/syncthing.nix | 8 +-- modules/websites/lidarr-mb-report.nix | 4 +- modules/websites/portfolio.nix | 4 +- parts/core.nix | 4 +- parts/hosts.nix | 8 +-- parts/packages.nix | 6 +- 75 files changed, 530 insertions(+), 512 deletions(-) diff --git a/config/base.nix b/config/base.nix index c9ac740..4e3a2c2 100644 --- a/config/base.nix +++ b/config/base.nix @@ -38,9 +38,7 @@ }; i18n = { defaultLocale = "en_CA.UTF-8"; - extraLocaleSettings = { - LC_MONETARY = "es_MX.UTF-8"; - }; + extraLocaleSettings.LC_MONETARY = "es_MX.UTF-8"; }; console = { font = "Lat2-Terminus16"; @@ -48,10 +46,6 @@ }; security = { polkit.enable = true; - sudo-rs = { - enable = true; - wheelNeedsPassword = false; - }; pam.loginLimits = [ { domain = "*"; @@ -60,6 +54,10 @@ value = "8192"; } ]; + sudo-rs = { + enable = true; + wheelNeedsPassword = false; + }; }; users = { mutableUsers = false; diff --git a/config/derek.nix b/config/derek.nix index 5690f5c..e8257b7 100644 --- a/config/derek.nix +++ b/config/derek.nix @@ -15,6 +15,9 @@ let }; in { + sops.secrets = lib.mkIf config.my.secureHost { + derek-password.neededForUsers = true; + }; my = { stylix = enableForDerek; emacs = enableForDerek; 
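Review bot: In the last hunk of config/base.nix, `security.sudo-rs.wheelNeedsPassword = false;` is re-added without any comment, so every wheel account on every host that imports this file is root-equivalent with no re-authentication. A one-line rationale above the block would make that explicit, e.g. `# wheel is passwordless: a compromised wheel session is root on this host`. Which hosts import base.nix is not visible in this hunk; if the internet-facing ones do, consider setting the option per host rather than globally.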
@@ -34,9 +37,6 @@ in multimedia = enableForDerek; }; }; - sops.secrets = lib.mkIf config.my.secureHost { - derek-password.neededForUsers = true; - }; services = { tailscale.enable = true; sunshine = { @@ -48,17 +48,15 @@ in }; networking.nftables = { enable = true; - tables = { - local-uid-block = { - family = "inet"; - content = '' - chain output { - type filter hook output priority 0; policy accept; - meta skuid ${toString derekUid} ip daddr 127.0.0.1 tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop - meta skuid ${toString derekUid} ip6 daddr ::1 tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop - } - ''; - }; + tables.local-uid-block = { + family = "inet"; + content = '' + chain output { + type filter hook output priority 0; policy accept; + meta skuid ${toString derekUid} ip daddr 127.0.0.1 tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop + meta skuid ${toString derekUid} ip6 daddr ::1 tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop + } + ''; }; }; users.users.bearded_dragonn = { diff --git a/config/home-manager.nix b/config/home-manager.nix index 341a940..b6f7061 100644 --- a/config/home-manager.nix +++ b/config/home-manager.nix @@ -39,27 +39,6 @@ in ]; home.stateVersion = "23.05"; programs = { - direnv = { - enable = true; - enableBashIntegration = shellType == "bash"; - enableZshIntegration = shellType == "zsh"; - nix-direnv.enable = true; - }; - git = { - enable = true; - settings = { - pull.rebase = true; - init.defaultBranch = "main"; - user = { - email = if osConfig == null then userEmail else osConfig.my.email; - name = "Danilo Reyes"; - }; - }; - }; - delta = { - enable = true; - enableGitIntegration = true; - }; ssh.enableDefaultConfig = false; bash = lib.mkIf (shellType == "bash") { enable = true; 
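Review bot: In config/derek.nix, the `local-uid-block` rules match only `ip daddr 127.0.0.1` and `ip6 daddr ::1`, so the block does not cover the rest of 127.0.0.0/8 or the host's own non-loopback addresses, which are also delivered locally. Whether the two services listen on anything beyond 127.0.0.1 is not visible here, so this may be latent rather than live. Matching on the interface covers both address families in one rule: `meta skuid ${toString derekUid} oifname "lo" tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop`.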
@@ -85,6 +64,27 @@ in ignoreAllDups = true; }; }; + delta = { + enable = true; + enableGitIntegration = true; + }; + direnv = { + enable = true; + enableBashIntegration = shellType == "bash"; + enableZshIntegration = shellType == "zsh"; + nix-direnv.enable = true; + }; + git = { + enable = true; + settings = { + pull.rebase = true; + init.defaultBranch = "main"; + user = { + email = if osConfig == null then userEmail else osConfig.my.email; + name = "Danilo Reyes"; + }; + }; + }; }; xdg = { enable = true; diff --git a/config/stylix.nix b/config/stylix.nix index 9e6a0c5..7499462 100644 --- a/config/stylix.nix +++ b/config/stylix.nix @@ -21,13 +21,11 @@ in description = "Users to apply Stylix theming for"; }; }; - config = { - stylix = { - inherit (scheme) image polarity; - enable = true; - autoEnable = cfg.enable; - targets.qt.platform = lib.mkForce "qtct"; - } - // lib.optionalAttrs (scheme ? base16Scheme) { inherit (scheme) base16Scheme; }; - }; + config.stylix = { + inherit (scheme) image polarity; + enable = true; + autoEnable = cfg.enable; + targets.qt.platform = lib.mkForce "qtct"; + } + // lib.optionalAttrs (scheme ? base16Scheme) { inherit (scheme) base16Scheme; }; } diff --git a/dotfiles/gallery-dl.nix b/dotfiles/gallery-dl.nix index 61e9e4a..e8a15a3 100644 --- a/dotfiles/gallery-dl.nix +++ b/dotfiles/gallery-dl.nix @@ -1,4 +1,5 @@ { + output.mode = "auto"; extractor = { skip = "abort:5"; cookies = [ @@ -8,6 +9,29 @@ ]; retries = 10; sleep-request = 0; + pinterest.directory = [ + "{board[owner][username]}" + "{board[name]}" + ]; + exhentai.directory = [ + "{category}" + "{title}" + ]; + gfycat.format = "webm"; + imgur.mp4 = true; + paheal.directory = [ + "Husbands" + "{search_tags}" + ]; + rule34.directory = [ + "Husbands" + "{search_tags}" + ]; + e621.directory = [ + "Husbands" + "{search_tags}" + ]; + baraag.directory = [ "{account[username]}" ]; directlink = { filename = "{filename}.{extension}"; directory = [ ]; 
@@ -35,10 +59,6 @@ "{owner[username]}" ]; }; - pinterest.directory = [ - "{board[owner][username]}" - "{board[name]}" - ]; wikifeet = { page-reverse = true; directory = [ @@ -55,6 +75,11 @@ parent-directory = true; directory = [ "{username}" ]; previews = true; + tagged.directory = [ + "{username}" + "tagged" + "{tagged_username}" + ]; highlights = { reverse = true; directory = [ "{username}" ]; @@ -63,11 +88,6 @@ reverse = true; directory = [ "{username}" ]; }; - tagged.directory = [ - "{username}" - "tagged" - "{tagged_username}" - ]; }; kemonoparty = { limit-rate = "200k-300k"; @@ -79,10 +99,6 @@ "{user}" ]; }; - exhentai.directory = [ - "{category}" - "{title}" - ]; tumblr = { external = true; inline = true; @@ -132,7 +148,6 @@ external = true; directory = [ "{userinfo[username]}" ]; }; - gfycat.format = "webm"; reddit = { user-agent = "Python:gallery-dl:v1.0 (by /u/captainjawz)"; client-id = "T7nZ6WZ3_onJWBhLP8r08g"; @@ -143,20 +158,6 @@ reverse = true; directory = [ "{userName}" ]; }; - imgur.mp4 = true; - paheal.directory = [ - "Husbands" - "{search_tags}" - ]; - rule34.directory = [ - "Husbands" - "{search_tags}" - ]; - e621.directory = [ - "Husbands" - "{search_tags}" - ]; - baraag.directory = [ "{account[username]}" ]; pixiv = { directory = [ "{user[account]} - {user[id]}" ]; ugoira = true; @@ -275,7 +276,6 @@ ]; }; }; - output.mode = "auto"; downloader = { part = true; part-directory = "/home/jawz/.cache/gallery-dl"; diff --git a/environments/cinnamon.nix b/environments/cinnamon.nix index 1cc7186..0c7850c 100644 --- a/environments/cinnamon.nix +++ b/environments/cinnamon.nix @@ -1,5 +1,11 @@ { pkgs, ... }: { + users.users.jawz.packages = builtins.attrValues { + inherit (pkgs) + adw-gtk3 # theme legacy applications + papirus-icon-theme # icon theme + ; + }; services = { libinput.enable = true; xserver = { 
@@ -12,10 +18,4 @@ enable = true; style = "adwaita"; }; - users.users.jawz.packages = builtins.attrValues { - inherit (pkgs) - adw-gtk3 # theme legacy applications - papirus-icon-theme # icon theme - ; - }; } diff --git a/environments/gnome.nix b/environments/gnome.nix index 4dcab9c..d486875 100644 --- a/environments/gnome.nix +++ b/environments/gnome.nix @@ -23,11 +23,6 @@ in }; config = lib.mkIf cfg.enable { qt.enable = true; - services = { - gvfs.enable = true; - displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; - }; environment.gnome.excludePackages = builtins.attrValues { inherit (pkgs) baobab @@ -55,5 +50,10 @@ in ; } ); + services = { + gvfs.enable = true; + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + }; }; } diff --git a/environments/hyprland-home.nix b/environments/hyprland-home.nix index 3382422..f4d625e 100644 --- a/environments/hyprland-home.nix +++ b/environments/hyprland-home.nix @@ -10,6 +10,9 @@ let in { programs = { + waybar = waybarConfig.programs.waybar // { + style = waybarStyle; + }; wofi = { enable = true; settings = { @@ -19,29 +22,10 @@ in width = "30%"; }; }; - waybar = waybarConfig.programs.waybar // { - style = waybarStyle; - }; }; wayland.windowManager.hyprland = { enable = true; settings = { - general = { - gaps_in = 5; - gaps_out = 10; - border_size = 3; - layout = "dwindle"; - }; - misc = { - disable_hyprland_logo = true; - disable_splash_rendering = true; - force_default_wallpaper = 0; - }; - dwindle = { - pseudotile = true; - preserve_split = true; - force_split = 2; - }; bind = [ "${mod}, return, exec, ghostty" "${mod}, Q, killactive," 
@@ -108,6 +92,22 @@ in "${mod}, mouse:272, movewindow" "${mod}, mouse:273, resizewindow" ]; + general = { + gaps_in = 5; + gaps_out = 10; + border_size = 3; + layout = "dwindle"; + }; + misc = { + disable_hyprland_logo = true; + disable_splash_rendering = true; + force_default_wallpaper = 0; + }; + dwindle = { + pseudotile = true; + preserve_split = true; + force_split = 2; + }; }; }; } diff --git a/environments/hyprland.nix b/environments/hyprland.nix index e76e7ff..4f1c928 100644 --- a/environments/hyprland.nix +++ b/environments/hyprland.nix @@ -4,13 +4,6 @@ }: { programs.hyprland.enable = true; - services.greetd = { - enable = true; - settings.default_session = { - command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd Hyprland"; - user = "greeter"; - }; - }; users.users.jawz.packages = builtins.attrValues { inherit (pkgs) wl-clipboard-rs @@ -25,4 +18,11 @@ ; }; home-manager.users.jawz.imports = [ ./hyprland-home.nix ]; + services.greetd = { + enable = true; + settings.default_session = { + command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd Hyprland"; + user = "greeter"; + }; + }; } diff --git a/flake.nix b/flake.nix index 67dd63c..efb8f5b 100644 --- a/flake.nix +++ b/flake.nix @@ -1,5 +1,15 @@ { description = "JawZ NixOS flake setup"; + outputs = + inputs: + inputs.flake-parts.lib.mkFlake { inherit inputs; } { + imports = [ + ./parts/core.nix + ./parts/hosts.nix + ./parts/packages.nix + ./parts/devshells.nix + ]; + }; inputs = { flake-parts.url = "github:hercules-ci/flake-parts"; nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11"; @@ -71,14 +81,4 @@ flake = false; }; }; - outputs = - inputs: - inputs.flake-parts.lib.mkFlake { inherit inputs; } { - imports = [ - ./parts/core.nix - ./parts/hosts.nix - ./parts/packages.nix - ./parts/devshells.nix - ]; - }; } diff --git a/hosts/emacs/configuration.nix b/hosts/emacs/configuration.nix index 46230b5..3ec8e85 100644 --- a/hosts/emacs/configuration.nix +++ b/hosts/emacs/configuration.nix 
@@ -8,6 +8,8 @@ ../../config/stylix.nix ../../environments/hyprland.nix ]; + networking.hostName = "emacs"; + environment.systemPackages = [ ]; virtualisation.vmVariant.virtualisation = { memorySize = 4096; cores = 4; @@ -23,6 +25,11 @@ emacs.enable = true; shell.tools.enable = true; services.network.enable = true; + interfaces = lib.mkMerge [ + { + emacs = "eth0"; + } + ]; dev = { nix.enable = true; python.enable = true; @@ -37,12 +44,5 @@ zig.enable = true; docker.enable = true; }; - interfaces = lib.mkMerge [ - { - emacs = "eth0"; - } - ]; }; - networking.hostName = "emacs"; - environment.systemPackages = [ ]; } diff --git a/hosts/mac/home.nix b/hosts/mac/home.nix index 562ceba..5639abd 100644 --- a/hosts/mac/home.nix +++ b/hosts/mac/home.nix @@ -4,6 +4,7 @@ ... }: { + my = import ./toggles.nix { inherit inputs; }; home = { username = "carlosdaniloreyesmartinez"; homeDirectory = "/Users/carlosdaniloreyesmartinez"; @@ -13,10 +14,11 @@ starship.enable = true; kitty = { enable = true; - shellIntegration.enableBashIntegration = false; - shellIntegration.enableZshIntegration = true; settings.term = "xterm-256color"; + shellIntegration = { + enableBashIntegration = false; + enableZshIntegration = true; + }; }; }; - my = import ./toggles.nix { inherit inputs; }; } diff --git a/hosts/miniserver/configuration.nix b/hosts/miniserver/configuration.nix index d1c7046..f2d4027 100644 --- a/hosts/miniserver/configuration.nix +++ b/hosts/miniserver/configuration.nix @@ -6,13 +6,17 @@ ../../config/stylix.nix ]; my = import ./toggles.nix { inherit inputs; } // { - nix.cores = 3; - nix.maxJobs = 8; - users.nixremote.enable = true; - users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [ - "nixworkstation" - "nixserver" - ]; + nix = { + cores = 3; + maxJobs = 8; + }; + users.nixremote = { + enable = true; + authorizedKeys = inputs.self.lib.getSshKeys [ + "nixworkstation" + "nixserver" + ]; + }; }; nix.buildMachines = let 
@@ -27,6 +31,7 @@ (buildMachine "workstation" 8 40) (buildMachine "server" 6 17) ]; + nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ]; networking = { hostName = "miniserver"; firewall = { @@ -34,7 +39,6 @@ allowedUDPPorts = [ 2049 ]; }; }; - nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ]; services = { btrfs.autoScrub = { enable = true; diff --git a/hosts/miniserver/hardware-configuration.nix b/hosts/miniserver/hardware-configuration.nix index c50fdb2..98be6c1 100644 --- a/hosts/miniserver/hardware-configuration.nix +++ b/hosts/miniserver/hardware-configuration.nix @@ -54,19 +54,17 @@ fileSystems = let nfsMount = server: nfsDisk: { - device = "${server}:/${nfsDisk}"; - fsType = "nfs"; options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + device = "${server}:/${nfsDisk}"; + fsType = "nfs"; }; in { "/" = { - device = "/dev/mapper/nvme"; - fsType = "btrfs"; options = [ "subvol=nix" "ssd" @@ -77,10 +75,10 @@ "datacow" "noatime" ]; - }; - "/home" = { device = "/dev/mapper/nvme"; fsType = "btrfs"; + }; + "/home" = { options = [ "subvol=home" "ssd" @@ -90,6 +88,8 @@ "commit=120" "datacow" ]; + device = "/dev/mapper/nvme"; + fsType = "btrfs"; }; "/boot" = { device = "/dev/disk/by-uuid/bf0aeb95-94cc-4377-b6e4-1dbb4958b334"; @@ -100,18 +100,18 @@ fsType = "vfat"; }; "/var/lib/nextcloud/data" = { - device = "/srv/pool/nextcloud"; options = [ "bind" ]; + device = "/srv/pool/nextcloud"; depends = [ "/srv/pool" ]; }; "/export/pool" = { - device = "/srv/pool"; options = [ "bind" ]; + device = "/srv/pool"; depends = [ "/srv/pool" ]; }; "/export/jawz" = { - device = "/home/jawz"; options = [ "bind" ]; + device = "/home/jawz"; depends = [ "/srv/pool" ]; }; "/srv/server/pool" = nfsMount "server" "pool" // { }; diff --git a/hosts/miniserver/toggles.nix b/hosts/miniserver/toggles.nix index 262d25a..64e2caf 100644 --- a/hosts/miniserver/toggles.nix +++ b/hosts/miniserver/toggles.nix 
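Review bot: In hosts/miniserver/configuration.nix, `nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];` is moved without recording which package needs the end-of-life OpenSSL 1.1.1 branch, so nobody can tell when the allowance can be dropped. Add a comment naming the consumer, e.g. `# needed by <package> until it builds against openssl 3; remove afterwards` (placeholder: the dependent is not visible in this diff). The allowance applies to the whole nixpkgs evaluation for this host, so any other package that resolves to that attribute is permitted as well.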
@@ -8,14 +8,6 @@ let ; in { - emacs = { - enable = true; - users = "jawz"; - }; - stylix = { - enable = true; - users = "jawz"; - }; enableProxy = true; websites.portfolio.enableProxy = true; apps = enableList mkEnabledWithUsers [ @@ -49,4 +41,12 @@ in // enableList mkEnabledWithProxy [ "audiobookshelf" ]; + emacs = { + enable = true; + users = "jawz"; + }; + stylix = { + enable = true; + users = "jawz"; + }; } diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 107c085..92a8690 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -17,22 +17,26 @@ in ]; my = import ./toggles.nix { inherit config inputs; } // { nix.cores = 6; - users.nixremote.enable = true; - users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [ - "nixworkstation" - "nixminiserver" - ]; - network.firewall.enabledServicePorts = true; - network.firewall.additionalPorts = [ - 2049 # idk - config.my.ports.syncthingGui - config.my.ports.syncthingRelay - config.my.ports.sonarqube - config.my.ports.synapseSsl - config.my.ports.tdarr - config.my.ports.mediaMap - config.my.ports.qbittorrent - ]; + users.nixremote = { + enable = true; + authorizedKeys = inputs.self.lib.getSshKeys [ + "nixworkstation" + "nixminiserver" + ]; + }; + network.firewall = { + enabledServicePorts = true; + additionalPorts = [ + 2049 # idk + config.my.ports.syncthingGui + config.my.ports.syncthingRelay + config.my.ports.sonarqube + config.my.ports.synapseSsl + config.my.ports.tdarr + config.my.ports.mediaMap + config.my.ports.qbittorrent + ]; + }; }; nix.buildMachines = [ { @@ -65,10 +69,6 @@ in }; networking = { hostName = "server"; - firewall = { - allowedUDPPorts = config.networking.firewall.allowedTCPPorts; - interfaces.wg0.allowedTCPPorts = [ config.my.servers.nextcloud.port ]; - }; wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost { ips = [ "${config.my.ips.wg-server}/32" ]; privateKeyFile = config.sops.secrets."server/private".path; 
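Review bot: In the first hunk of hosts/server/configuration.nix, the firewall entry `2049 # idk` keeps a comment saying the reason for the open port is unknown. 2049 is the standard NFS port and this host defines bind mounts under /export elsewhere in the patch, so it is presumably the NFS export; say so with `2049 # NFS (exports under /export)`, or remove the entry if that is wrong. Every other entry in the list is named through `config.my.ports`, so a named entry there would also be more consistent than a bare number.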
@@ -86,6 +86,10 @@ in } ]; }; + firewall = { + allowedUDPPorts = config.networking.firewall.allowedTCPPorts; + interfaces.wg0.allowedTCPPorts = [ config.my.servers.nextcloud.port ]; + }; }; users.users.jawz.packages = builtins.attrValues { inherit (pkgs) podman-compose attic-client; @@ -116,14 +120,12 @@ in vpsHost = "lidarr-reports@${config.my.ips.vps}"; vpsPath = "/var/www/html/lidarr-mb-gap"; sshKeyFile = config.sops.secrets."private_keys/lidarr-mb-gap".path; - sshKnownHosts = { - vps = { - hostNames = [ - config.my.ips.vps - "[${config.my.ips.vps}]:3456" - ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPp0wAuZXk96OyA/+2YpQalokS9lZdacjJqY9zN8IScP"; - }; + sshKnownHosts.vps = { + hostNames = [ + config.my.ips.vps + "[${config.my.ips.vps}]:3456" + ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPp0wAuZXk96OyA/+2YpQalokS9lZdacjJqY9zN8IScP"; }; }; }; diff --git a/hosts/server/hardware-configuration.nix b/hosts/server/hardware-configuration.nix index 3ed1f60..538927f 100644 --- a/hosts/server/hardware-configuration.nix +++ b/hosts/server/hardware-configuration.nix @@ -84,8 +84,6 @@ in }; fileSystems = { "/" = { - device = "/dev/mapper/nvme"; - fsType = "btrfs"; options = [ "subvol=nix" "ssd" @@ -96,10 +94,10 @@ in "datacow" "noatime" ]; - }; - "/home" = { device = "/dev/mapper/nvme"; fsType = "btrfs"; + }; + "/home" = { options = [ "subvol=home" "ssd" @@ -109,19 +107,19 @@ in "commit=120" "datacow" ]; + device = "/dev/mapper/nvme"; + fsType = "btrfs"; }; "/boot" = { + options = [ "nofail" ]; device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156"; fsType = "ext4"; - options = [ "nofail" ]; }; "/boot/efi" = { device = "/dev/disk/by-uuid/CBE7-5DEB"; fsType = "vfat"; }; "/srv/pool" = { - device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34"; - fsType = "btrfs"; options = [ "subvol=@data" "compress=zstd:3" 
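Review bot: In hosts/server/configuration.nix, `allowedUDPPorts = config.networking.firewall.allowedTCPPorts;` opens every TCP service port on UDP as well, presumably including the ones added through `my.network.firewall.additionalPorts` in the first hunk. Services that have no UDP listener gain nothing from this, and the rule set becomes harder to audit because the UDP exposure is implicit. List the UDP ports explicitly instead, `allowedUDPPorts = [ /* only ports with a UDP listener */ ];`; the correct set cannot be derived from this diff.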
@@ -129,34 +127,36 @@ in "commit=120" "datacow" ]; + device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34"; + fsType = "btrfs"; depends = [ "/boot/efi" ]; }; "/var/lib/nextcloud/data" = { - device = "/srv/pool/nextcloud"; options = [ "bind" ]; + device = "/srv/pool/nextcloud"; depends = [ "/srv/pool" ]; }; "/srv/jellyfin/media" = { - device = "/srv/pool/multimedia/media"; options = [ "bind" "ro" ]; + device = "/srv/pool/multimedia/media"; depends = [ "/srv/pool" ]; }; "/export/pool" = { - device = "/srv/pool"; options = [ "bind" ]; + device = "/srv/pool"; depends = [ "/srv/pool" ]; }; "/export/jawz" = { - device = "/home/jawz"; options = [ "bind" ]; + device = "/home/jawz"; depends = [ "/srv/pool" ]; }; "/export/backups" = { - device = "/srv/backups"; options = [ "bind" ]; + device = "/srv/backups"; depends = [ "/srv/pool" ]; }; }; diff --git a/hosts/server/toggles.nix b/hosts/server/toggles.nix index 9bead84..7096a3b 100644 --- a/hosts/server/toggles.nix +++ b/hosts/server/toggles.nix @@ -4,20 +4,8 @@ let mkEnabledIp = inputs.self.lib.mkEnabledIp config.my.ips.wg-server; in { - emacs = { - enable = true; - users = "jawz"; - }; - stylix = { - enable = true; - users = "jawz"; - }; enableProxy = true; enableContainers = true; - apps.dictionaries = { - enable = true; - users = "jawz"; - }; shell = enableList mkEnabledWithUsers [ "multimedia" "tools" @@ -93,4 +81,16 @@ in "plausible" "vaultwarden" ]; + emacs = { + enable = true; + users = "jawz"; + }; + stylix = { + enable = true; + users = "jawz"; + }; + apps.dictionaries = { + enable = true; + users = "jawz"; + }; } diff --git a/hosts/vps/configuration.nix b/hosts/vps/configuration.nix index 074559e..b4e51fd 100644 --- a/hosts/vps/configuration.nix +++ b/hosts/vps/configuration.nix 
@@ -70,13 +70,30 @@ in ]; }; }; + image.modules.linode = { }; + environment.systemPackages = [ ]; + security.sudo-rs.extraRules = [ + { + users = [ "nixremote" ]; + commands = [ + { + options = [ "NOPASSWD" ]; + command = "/run/current-system/sw/bin/nixos-rebuild"; + } + ]; + } + ]; + systemd.tmpfiles.rules = [ + "d /var/www/html 2775 deploy www-data -" + "d /var/www/html/portfolio 2775 deploy www-data -" + "d /var/www/html/blog 2775 deploy www-data -" + "d /var/www/html/lidarr-mb-gap 2775 lidarr-reports lidarr-reports -" + ]; sops.age = { generateKey = true; keyFile = "/var/lib/sops-nix/key.txt"; sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; }; - image.modules.linode = { }; - environment.systemPackages = [ ]; networking = { hostName = "vps"; nat = { @@ -137,23 +154,6 @@ in ''; }; }; - security.sudo-rs.extraRules = [ - { - users = [ "nixremote" ]; - commands = [ - { - command = "/run/current-system/sw/bin/nixos-rebuild"; - options = [ "NOPASSWD" ]; - } - ]; - } - ]; - systemd.tmpfiles.rules = [ - "d /var/www/html 2775 deploy www-data -" - "d /var/www/html/portfolio 2775 deploy www-data -" - "d /var/www/html/blog 2775 deploy www-data -" - "d /var/www/html/lidarr-mb-gap 2775 lidarr-reports lidarr-reports -" - ]; services = { smartd.enable = lib.mkForce false; openssh.ports = [ ports.ssh ]; diff --git a/hosts/vps/toggles.nix b/hosts/vps/toggles.nix index daa413c..9c856ba 100644 --- a/hosts/vps/toggles.nix +++ b/hosts/vps/toggles.nix @@ -41,10 +41,6 @@ let secureToggles = { enableProxy = true; enableContainers = true; - websites = { - portfolio.enableProxy = true; - lidarrMbReport.enableProxy = true; - }; servers = enableList mkEnabledWithProxy [ "isso" @@ -78,6 +74,10 @@ let "vaultwarden" "yamtrack" ]; + websites = { + portfolio.enableProxy = true; + lidarrMbReport.enableProxy = true; + }; }; in lib.mkMerge [ diff --git a/hosts/workstation/configuration.nix b/hosts/workstation/configuration.nix index 613c95c..870f4b7 100644 
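Review bot: In the first hunk of hosts/vps/configuration.nix, the `security.sudo-rs.extraRules` entry lets `nixremote` run `/run/current-system/sw/bin/nixos-rebuild` with `NOPASSWD` and no argument restriction, which amounts to full root because a rebuild activates whatever configuration the caller supplies. That may be intended for remote deploys, but it is worth writing down so the account's SSH keys are handled as root credentials: `# nixremote is root-equivalent via nixos-rebuild; guard its authorized keys accordingly`. The hunk only swaps `options` and `command`, so the behaviour itself is unchanged by this commit.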
--- a/hosts/workstation/configuration.nix +++ b/hosts/workstation/configuration.nix @@ -25,13 +25,17 @@ in ../../environments/gnome.nix ]; my = import ./toggles.nix { inherit inputs; } // { - nix.cores = 8; - nix.maxJobs = 8; - users.nixremote.enable = true; - users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [ - "nixserver" - "nixminiserver" - ]; + nix = { + cores = 8; + maxJobs = 8; + }; + users.nixremote = { + enable = true; + authorizedKeys = inputs.self.lib.getSshKeys [ + "nixserver" + "nixminiserver" + ]; + }; }; sops.secrets."workstation/private" = lib.mkIf config.my.secureHost { sopsFile = ../../secrets/wireguard.yaml; @@ -53,6 +57,21 @@ in }; networking = { hostName = "workstation"; + wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost { + ips = [ "${config.my.ips.wg-workstation}/32" ]; + privateKeyFile = config.sops.secrets."workstation/private".path; + peers = [ + { + publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY="; + endpoint = "${config.my.ips.vps}:51820"; + persistentKeepalive = 25; + allowedIPs = [ + "${config.my.ips.wg-vps}/32" + config.my.subnets.wg-homelab + ]; + } + ]; + }; firewall = { allowedTCPPorts = [ config.my.ports.nsUsbloader @@ -80,21 +99,6 @@ in } ''; }; - wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost { - ips = [ "${config.my.ips.wg-workstation}/32" ]; - privateKeyFile = config.sops.secrets."workstation/private".path; - peers = [ - { - publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY="; - endpoint = "${config.my.ips.vps}:51820"; - persistentKeepalive = 25; - allowedIPs = [ - "${config.my.ips.wg-vps}/32" - config.my.subnets.wg-homelab - ]; - } - ]; - }; }; users = { groups.ai = { }; diff --git a/hosts/workstation/hardware-configuration.nix b/hosts/workstation/hardware-configuration.nix index 2f28d44..662b102 100644 --- a/hosts/workstation/hardware-configuration.nix +++ b/hosts/workstation/hardware-configuration.nix 
@@ -87,17 +87,16 @@ in fileSystems = let nfsMount = server: nfsDisk: { - device = "${server}:/${nfsDisk}"; - fsType = "nfs"; options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + device = "${server}:/${nfsDisk}"; + fsType = "nfs"; }; btrfsMount = device: subvol: extraOpts: { inherit device; - fsType = "btrfs"; options = extraOpts ++ [ "subvol=${subvol}" "ssd" @@ -107,6 +106,7 @@ in "commit=120" "datacow" ]; + fsType = "btrfs"; }; trashOptions = [ "x-gvfs-trash" diff --git a/hosts/workstation/toggles.nix b/hosts/workstation/toggles.nix index 6a5a291..8532ce4 100644 --- a/hosts/workstation/toggles.nix +++ b/hosts/workstation/toggles.nix @@ -3,14 +3,6 @@ let inherit (inputs.self.lib) mkEnabled mkEnabledWithUsers enableList; in { - stylix = { - enable = true; - users = "jawz"; - }; - emacs = { - enable = true; - users = "jawz"; - }; enableContainers = true; servers.drpp.enable = true; apps = @@ -52,4 +44,12 @@ in "ffmpeg4discord" "update-org-agenda-cache" ]; + stylix = { + enable = true; + users = "jawz"; + }; + emacs = { + enable = true; + users = "jawz"; + }; } diff --git a/modules/apps/art.nix b/modules/apps/art.nix index 0c714fb..2deca08 100644 --- a/modules/apps/art.nix +++ b/modules/apps/art.nix @@ -37,6 +37,7 @@ let in { options.my = { + dev.gameDev.enable = lib.mkEnableOption "game development tools and engines"; apps.art = { enable = lib.mkEnableOption "digital art and creative applications"; users = lib.mkOption { @@ -45,7 +46,6 @@ in description = "Users to install art packages for"; }; }; - dev.gameDev.enable = lib.mkEnableOption "game development tools and engines"; }; config.users.users = let diff --git a/modules/apps/gaming.nix b/modules/apps/gaming.nix index c8702f3..de851c7 100644 --- a/modules/apps/gaming.nix +++ b/modules/apps/gaming.nix 
@@ -21,8 +21,8 @@ let ); in { - imports = [ inputs.nix-gaming.nixosModules.platformOptimizations ]; options.my.apps = { + switch.enable = lib.mkEnableOption "Nintendo Switch homebrew tools"; gaming = { enable = lib.mkEnableOption "gaming applications and emulators"; users = lib.mkOption { @@ -31,8 +31,8 @@ in description = "Users to install gaming packages for"; }; }; - switch.enable = lib.mkEnableOption "Nintendo Switch homebrew tools"; }; + imports = [ inputs.nix-gaming.nixosModules.platformOptimizations ]; config = lib.mkIf config.my.apps.gaming.enable { # sops.secrets.switch-presence = lib.mkIf config.my.apps.gaming.switch.enable { # sopsFile = ../../secrets/env.yaml; @@ -40,16 +40,6 @@ in # owner = config.users.users.jawz.name; # inherit (config.users.users.jawz) group; # }; - programs = { - gamemode.enable = true; - steam = { - enable = true; - gamescopeSession.enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - platformOptimizations.enable = true; - }; - }; services = lib.mkIf config.my.apps.switch.enable { switch-boot.enable = true; # switch-presence = { @@ -80,5 +70,15 @@ in }; in inputs.self.lib.mkUserPackages lib config.my.apps.gaming.users packages; + programs = { + gamemode.enable = true; + steam = { + enable = true; + gamescopeSession.enable = true; + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + platformOptimizations.enable = true; + }; + }; }; } diff --git a/modules/apps/internet/home.nix b/modules/apps/internet/home.nix index ae642ce..3473c02 100644 --- a/modules/apps/internet/home.nix +++ b/modules/apps/internet/home.nix 
@@ -19,6 +19,13 @@ let ]; }; cfg = config.my.apps.internet; + krisp-patch = builtins.readFile ( + pkgs.fetchurl { + url = "https://pastebin.com/raw/8tQDsMVd"; + sha256 = "sha256-IdXv0MfRG1/1pAAwHLS2+1NESFEz2uXrbSdvU9OvdJ8="; + } + ); + krisp-patcher = pkgs.writers.writePython3Bin "krisp-patcher" krisp-settings krisp-patch; krisp-settings = { libraries = builtins.attrValues { inherit (pkgs.python3Packages) @@ -32,13 +39,6 @@ let "F405" ]; }; - krisp-patch = builtins.readFile ( - pkgs.fetchurl { - url = "https://pastebin.com/raw/8tQDsMVd"; - sha256 = "sha256-IdXv0MfRG1/1pAAwHLS2+1NESFEz2uXrbSdvU9OvdJ8="; - } - ); - krisp-patcher = pkgs.writers.writePython3Bin "krisp-patcher" krisp-settings krisp-patch; in { options.my.apps.internet.enable = lib.mkEnableOption "internet browsers and communication apps"; diff --git a/modules/dev/cc/nixos.nix b/modules/dev/cc/nixos.nix index 18a6a71..ecbda1d 100644 --- a/modules/dev/cc/nixos.nix +++ b/modules/dev/cc/nixos.nix @@ -10,6 +10,11 @@ let in { options = { + devShells.cc = lib.mkOption { + type = lib.types.package; + default = feature.devShell; + description = "C/C++ development shell"; + }; my.dev.cc = { enable = lib.mkEnableOption "Install C/C++ tooling globally"; users = lib.mkOption { @@ -18,10 +23,5 @@ in description = "Users to install C/C++ packages for"; }; }; - devShells.cc = lib.mkOption { - type = lib.types.package; - default = feature.devShell; - description = "C/C++ development shell"; - }; }; } diff --git a/modules/dev/docker/home.nix b/modules/dev/docker/home.nix index 994c402..78d39a2 100644 --- a/modules/dev/docker/home.nix +++ b/modules/dev/docker/home.nix @@ -28,8 +28,10 @@ in my.dev.docker.enable = lib.mkDefault hm.enabledByDefault; } (lib.mkIf cfg.enable { - home.packages = feature.packages; - home.sessionVariables.DOCKER_CONFIG = "${config.xdg.configHome}/docker"; + home = { + inherit (feature) packages; + sessionVariables.DOCKER_CONFIG = "${config.xdg.configHome}/docker"; + }; }) ]; } 
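Review bot: `krisp-patch` is still read from `https://pastebin.com/raw/8tQDsMVd` and handed to `writePython3Bin`, so the code installed as `krisp-patcher` lives only on a paste site. The `sha256` pins the content, which protects against silent replacement, but the script cannot be reviewed in the repository and the build breaks if the paste is removed. I would vendor the file next to this module and use `krisp-patch = builtins.readFile ./krisp-patcher.py;` (file name is a placeholder), which also avoids reading a fetched derivation at evaluation time. The `let` block starts outside the hunk.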
diff --git a/modules/dev/docker/nixos.nix b/modules/dev/docker/nixos.nix index d928bcd..7f07146 100644 --- a/modules/dev/docker/nixos.nix +++ b/modules/dev/docker/nixos.nix @@ -10,6 +10,11 @@ let in { options = { + devShells.docker = lib.mkOption { + type = lib.types.package; + default = feature.devShell; + description = "Docker and Dockerfile tooling shell"; + }; my.dev.docker = { enable = lib.mkEnableOption "Install Docker tooling globally"; users = lib.mkOption { @@ -18,10 +23,5 @@ in description = "Users to install Docker packages for"; }; }; - devShells.docker = lib.mkOption { - type = lib.types.package; - default = feature.devShell; - description = "Docker and Dockerfile tooling shell"; - }; }; } diff --git a/modules/dev/emacs/home.nix b/modules/dev/emacs/home.nix index 6aadfb0..66227db 100644 --- a/modules/dev/emacs/home.nix +++ b/modules/dev/emacs/home.nix @@ -25,8 +25,8 @@ let }; in { - imports = [ inputs.doom-emacs.homeModule ]; options.my.emacs.enable = lib.mkEnableOption "Doom Emacs configuration"; + imports = [ inputs.doom-emacs.homeModule ]; config = lib.mkMerge [ { my.emacs.enable = lib.mkDefault hm.enabledByDefault; diff --git a/modules/dev/emacs/portable.nix b/modules/dev/emacs/portable.nix index dec8eba..4651222 100644 --- a/modules/dev/emacs/portable.nix +++ b/modules/dev/emacs/portable.nix @@ -5,8 +5,8 @@ }: let emacs = import ./common.nix { - lib = pkgs.lib; inherit pkgs; + lib = pkgs.lib; stylixEnabled = false; emacsExtraConfig = ""; emacsExtraPackages = _epkgs: [ ]; 
@@ -41,21 +41,21 @@ let ../../../modules/home-manager.nix ../../../config/home-manager.nix { + programs.home-manager.enable = true; + nixpkgs.config.allowUnfree = true; home = { username = "portable"; homeDirectory = if pkgs.stdenv.isDarwin then "/Users/portable" else "/home/portable"; stateVersion = "23.05"; }; - programs.home-manager.enable = true; - nixpkgs.config.allowUnfree = true; my = { emacs.enable = true; + shell.tools.enable = true; dev = { nix.enable = true; python.enable = true; sh.enable = true; }; - shell.tools.enable = true; }; } ]; diff --git a/modules/dev/go/home.nix b/modules/dev/go/home.nix index 3f37150..9614aa0 100644 --- a/modules/dev/go/home.nix +++ b/modules/dev/go/home.nix @@ -28,8 +28,10 @@ in my.dev.go.enable = lib.mkDefault hm.enabledByDefault; } (lib.mkIf cfg.enable { - home.packages = feature.packages; - home.sessionVariables.GOPATH = "${config.xdg.dataHome}/go"; + home = { + inherit (feature) packages; + sessionVariables.GOPATH = "${config.xdg.dataHome}/go"; + }; }) ]; } diff --git a/modules/dev/go/nixos.nix b/modules/dev/go/nixos.nix index b147349..36a689f 100644 --- a/modules/dev/go/nixos.nix +++ b/modules/dev/go/nixos.nix @@ -10,6 +10,11 @@ let in { options = { + devShells.go = lib.mkOption { + type = lib.types.package; + default = feature.devShell; + description = "Go development shell with Emacs tooling, REPL, formatter, and linter"; + }; my.dev.go = { enable = lib.mkEnableOption "Install Go tooling globally"; users = lib.mkOption { @@ -18,10 +23,5 @@ in description = "Users to install Go packages for"; }; }; - devShells.go = lib.mkOption { - type = lib.types.package; - default = feature.devShell; - description = "Go development shell with Emacs tooling, REPL, formatter, and linter"; - }; }; } diff --git a/modules/dev/haskell/home.nix b/modules/dev/haskell/home.nix index 94939f1..6d2931f 100644 --- a/modules/dev/haskell/home.nix +++ b/modules/dev/haskell/home.nix 
@@ -28,11 +28,13 @@ in my.dev.haskell.enable = lib.mkDefault hm.enabledByDefault; } (lib.mkIf cfg.enable { - home.packages = feature.packages; - home.sessionVariables = { - CABAL_DIR = "${config.xdg.cacheHome}/cabal"; - STACK_ROOT = "${config.xdg.dataHome}/stack"; - GHCUP_USE_XDG_DIRS = "true"; + home = { + inherit (feature) packages; + sessionVariables = { + CABAL_DIR = "${config.xdg.cacheHome}/cabal"; + STACK_ROOT = "${config.xdg.dataHome}/stack"; + GHCUP_USE_XDG_DIRS = "true"; + }; }; }) ]; diff --git a/modules/dev/haskell/nixos.nix b/modules/dev/haskell/nixos.nix index 6f72c74..b3a12af 100644 --- a/modules/dev/haskell/nixos.nix +++ b/modules/dev/haskell/nixos.nix @@ -10,6 +10,11 @@ let in { options = { + devShells.haskell = lib.mkOption { + type = lib.types.package; + default = feature.devShell; + description = "Haskell development shell"; + }; my.dev.haskell = { enable = lib.mkEnableOption "Install Haskell tooling globally"; users = lib.mkOption { @@ -18,10 +23,5 @@ in description = "Users to install Haskell packages for"; }; }; - devShells.haskell = lib.mkOption { - type = lib.types.package; - default = feature.devShell; - description = "Haskell development shell"; - }; }; } diff --git a/modules/dev/javascript/common.nix b/modules/dev/javascript/common.nix index d78a429..1f22b05 100644 --- a/modules/dev/javascript/common.nix +++ b/modules/dev/javascript/common.nix @@ -14,12 +14,12 @@ in echo "📦 JavaScript dev environment" ''; }; - sessionVariables = { - NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc"; - PNPM_HOME = "\${XDG_DATA_HOME}/pnpm"; - }; sessionPath = [ "\${XDG_DATA_HOME}/npm/bin" "\${XDG_DATA_HOME}/pnpm" ]; + sessionVariables = { + NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc"; + PNPM_HOME = "\${XDG_DATA_HOME}/pnpm"; + }; } diff --git a/modules/dev/javascript/nixos.nix b/modules/dev/javascript/nixos.nix index 16022b3..d1093ef 100644 --- a/modules/dev/javascript/nixos.nix +++ b/modules/dev/javascript/nixos.nix 
@@ -10,6 +10,11 @@ let in { options = { + devShells.javascript = lib.mkOption { + type = lib.types.package; + default = javascript.devShell; + description = "JavaScript/Node development shell with npm/pnpm support"; + }; my.dev.javascript = { enable = lib.mkEnableOption "Install JavaScript tooling globally"; users = lib.mkOption { @@ -18,10 +23,5 @@ in description = "Users to install JavaScript packages for"; }; }; - devShells.javascript = lib.mkOption { - type = lib.types.package; - default = javascript.devShell; - description = "JavaScript/Node development shell with npm/pnpm support"; - }; }; } diff --git a/modules/dev/julia/nixos.nix b/modules/dev/julia/nixos.nix index ddb913c..8cc75f4 100644 --- a/modules/dev/julia/nixos.nix +++ b/modules/dev/julia/nixos.nix @@ -10,6 +10,11 @@ let in { options = { + devShells.julia = lib.mkOption { + type = lib.types.package; + default = feature.devShell; + description = "Julia development shell"; + }; my.dev.julia = { enable = lib.mkEnableOption "Install Julia globally"; users = lib.mkOption { @@ -18,10 +23,5 @@ in description = "Users to install Julia packages for"; }; }; - devShells.julia = lib.mkOption { - type = lib.types.package; - default = feature.devShell; - description = "Julia development shell"; - }; }; } diff --git a/modules/dev/mcp/nixos.nix b/modules/dev/mcp/nixos.nix index f09734b..b2d51e3 100644 --- a/modules/dev/mcp/nixos.nix +++ b/modules/dev/mcp/nixos.nix @@ -10,6 +10,11 @@ let in { options = { + devShells.mcp = lib.mkOption { + type = lib.types.package; + default = feature.devShell; + description = "MCP dev shell for this repo"; + }; my.dev.mcp = { enable = lib.mkEnableOption "Install MCP tooling globally"; users = lib.mkOption { @@ -18,10 +23,5 @@ in description = "Users to install MCP packages for"; }; }; - devShells.mcp = lib.mkOption { - type = lib.types.package; - default = feature.devShell; - description = "MCP dev shell for this repo"; - }; }; } 
diff --git a/modules/dev/nix/nixos.nix b/modules/dev/nix/nixos.nix index 65c6c30..103dbe1 100644 --- a/modules/dev/nix/nixos.nix +++ b/modules/dev/nix/nixos.nix @@ -13,6 +13,11 @@ let in { options = { + devShells.nix = lib.mkOption { + type = lib.types.package; + default = nix.devShell; + description = "Nix/NixOS development shell with formatter, linter, LSP, and Cachix"; + }; my.dev.nix = { enable = lib.mkEnableOption "Install Nix tooling globally"; users = lib.mkOption { @@ -21,10 +26,5 @@ in description = "Users to install Nix packages for"; }; }; - devShells.nix = lib.mkOption { - type = lib.types.package; - default = nix.devShell; - description = "Nix/NixOS development shell with formatter, linter, LSP, and Cachix"; - }; }; } diff --git a/modules/dev/python/nixos.nix b/modules/dev/python/nixos.nix index 2716ea6..b3d6cd9 100644 --- a/modules/dev/python/nixos.nix +++ b/modules/dev/python/nixos.nix @@ -10,6 +10,10 @@ let in { options = { + devShells.python = lib.mkOption { + type = lib.types.package; + default = python.devShell; + }; my.dev.python = { enable = lib.mkEnableOption "Install Python tools globally"; users = lib.mkOption { @@ -18,9 +22,5 @@ in description = "Users to install Python packages for"; }; }; - devShells.python = lib.mkOption { - type = lib.types.package; - default = python.devShell; - }; }; } diff --git a/modules/dev/ruby/home.nix b/modules/dev/ruby/home.nix index 1be0d60..d7e3716 100644 --- a/modules/dev/ruby/home.nix +++ b/modules/dev/ruby/home.nix 
@@ -28,11 +28,13 @@ in my.dev.ruby.enable = lib.mkDefault hm.enabledByDefault; } (lib.mkIf cfg.enable { - home.packages = feature.packages; - home.sessionVariables = { - GEM_HOME = "${config.xdg.dataHome}/ruby/gems"; - GEM_PATH = "${config.xdg.dataHome}/ruby/gems"; - GEM_SPEC_CACHE = "${config.xdg.dataHome}/ruby/specs"; + home = { + inherit (feature) packages; + sessionVariables = { + GEM_HOME = "${config.xdg.dataHome}/ruby/gems"; + GEM_PATH = "${config.xdg.dataHome}/ruby/gems"; + GEM_SPEC_CACHE = "${config.xdg.dataHome}/ruby/specs"; + }; }; }) ]; diff --git a/modules/dev/ruby/nixos.nix b/modules/dev/ruby/nixos.nix index fc284bd..6f98e4c 100644 --- a/modules/dev/ruby/nixos.nix +++ b/modules/dev/ruby/nixos.nix @@ -10,6 +10,11 @@ let in { options = { + devShells.ruby = lib.mkOption { + type = lib.types.package; + default = feature.devShell; + description = "Ruby development shell with interpreter and Solargraph LSP"; + }; my.dev.ruby = { enable = lib.mkEnableOption "Install Ruby tooling globally"; users = lib.mkOption { @@ -18,10 +23,5 @@ in description = "Users to install Ruby packages for"; }; }; - devShells.ruby = lib.mkOption { - type = lib.types.package; - default = feature.devShell; - description = "Ruby development shell with interpreter and Solargraph LSP"; - }; }; } diff --git a/modules/dev/rust/home.nix b/modules/dev/rust/home.nix index 216446c..ceb7c51 100644 --- a/modules/dev/rust/home.nix +++ b/modules/dev/rust/home.nix @@ -28,8 +28,10 @@ in my.dev.rust.enable = lib.mkDefault hm.enabledByDefault; } (lib.mkIf cfg.enable { - home.packages = feature.packages; - home.sessionVariables.CARGO_HOME = "${config.xdg.dataHome}/cargo"; + home = { + inherit (feature) packages; + sessionVariables.CARGO_HOME = "${config.xdg.dataHome}/cargo"; + }; }) ]; } diff --git a/modules/dev/rust/nixos.nix b/modules/dev/rust/nixos.nix index 110973b..a9f135f 100644 --- a/modules/dev/rust/nixos.nix +++ b/modules/dev/rust/nixos.nix 
@@ -10,6 +10,11 @@ let in { options = { + devShells.rust = lib.mkOption { + type = lib.types.package; + default = feature.devShell; + description = "Rust development shell with cargo and rust-analyzer"; + }; my.dev.rust = { enable = lib.mkEnableOption "Install Rust tooling globally"; users = lib.mkOption { @@ -18,10 +23,5 @@ in description = "Users to install Rust packages for"; }; }; - devShells.rust = lib.mkOption { - type = lib.types.package; - default = feature.devShell; - description = "Rust development shell with cargo and rust-analyzer"; - }; }; } diff --git a/modules/dev/sh/nixos.nix b/modules/dev/sh/nixos.nix index e08c237..e39f498 100644 --- a/modules/dev/sh/nixos.nix +++ b/modules/dev/sh/nixos.nix @@ -10,6 +10,11 @@ let in { options = { + devShells.sh = lib.mkOption { + type = lib.types.package; + default = sh.devShell; + description = "Shell scripting dev shell"; + }; my.dev.sh = { enable = lib.mkEnableOption "Install shell scripting tools globally"; users = lib.mkOption { @@ -18,10 +23,5 @@ in description = "Users to install shell scripting packages for"; }; }; - devShells.sh = lib.mkOption { - type = lib.types.package; - default = sh.devShell; - description = "Shell scripting dev shell"; - }; }; } diff --git a/modules/dev/zig/nixos.nix b/modules/dev/zig/nixos.nix index ca7670b..02dfd3c 100644 --- a/modules/dev/zig/nixos.nix +++ b/modules/dev/zig/nixos.nix @@ -10,6 +10,11 @@ let in { options = { + devShells.zig = lib.mkOption { + type = lib.types.package; + default = feature.devShell; + description = "Zig development shell with compiler and LSP"; + }; my.dev.zig = { enable = lib.mkEnableOption "Install Zig tooling globally"; users = lib.mkOption { @@ -18,10 +23,5 @@ in description = "Users to install Zig packages for"; }; }; - devShells.zig = lib.mkOption { - type = lib.types.package; - default = feature.devShell; - description = "Zig development shell with compiler and LSP"; - }; }; } 
diff --git a/modules/factories/mkscript.nix b/modules/factories/mkscript.nix index 566370e..6a82d64 100644 --- a/modules/factories/mkscript.nix +++ b/modules/factories/mkscript.nix @@ -65,41 +65,43 @@ lib.mkMerge ( lib.mapAttrsToList (user: packages: inputs.self.lib.mkUserPackages lib user packages) userMap ); - systemd.user.services = - config.my.scripts - |> lib.mapAttrs' ( - _name: script: - lib.nameValuePair "${script.name}" ( - lib.mkIf (script.enable && script.service) { - restartIfChanged = true; - inherit (script) description; - wantedBy = [ "default.target" ]; - path = [ - pkgs.nix - script.package - ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = 30; - ExecStart = "${script.package}/bin/${script.name}"; - }; - } - ) - ); - systemd.user.timers = - config.my.scripts - |> lib.mapAttrs' ( - _name: script: - lib.nameValuePair "${script.name}" ( - lib.mkIf (script.enable && script.service) { - enable = true; - inherit (script) description; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = script.timer; - }; - } - ) - ); + systemd.user = { + services = + config.my.scripts + |> lib.mapAttrs' ( + _name: script: + lib.nameValuePair "${script.name}" ( + lib.mkIf (script.enable && script.service) { + restartIfChanged = true; + inherit (script) description; + wantedBy = [ "default.target" ]; + path = [ + pkgs.nix + script.package + ]; + serviceConfig = { + Restart = "on-failure"; + RestartSec = 30; + ExecStart = "${script.package}/bin/${script.name}"; + }; + } + ) + ); + timers = + config.my.scripts + |> lib.mapAttrs' ( + _name: script: + lib.nameValuePair "${script.name}" ( + lib.mkIf (script.enable && script.service) { + enable = true; + inherit (script) description; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = script.timer; + }; + } + ) + ); + }; }; } diff --git a/modules/modules.nix b/modules/modules.nix index 83293c6..b426e99 100644 --- a/modules/modules.nix +++ b/modules/modules.nix 
@@ -53,6 +53,7 @@ in }; ips = lib.mkOption { type = lib.types.attrsOf lib.types.str; + description = "Set of IP's for all my computers."; default = { router = "192.168.100.1"; server = "192.168.100.15"; @@ -73,35 +74,34 @@ in wg-friend5 = "10.8.0.6"; wg-friend6 = "10.8.0.7"; }; - description = "Set of IP's for all my computers."; }; subnets = lib.mkOption { type = lib.types.attrsOf lib.types.str; + description = "Set of subnets for WireGuard networks."; default = { wg-homelab = "10.77.0.0/24"; wg-friends = "10.8.0.0/24"; wg-guests = "10.9.0.0/24"; }; - description = "Set of subnets for WireGuard networks."; }; wgInterfaces = lib.mkOption { type = lib.types.attrsOf lib.types.str; + description = "WireGuard interface IPs for the VPS."; default = { wg-homelab = "10.77.0.1/24"; wg-friends = "10.8.0.1/24"; wg-guests = "10.9.0.1/24"; }; - description = "WireGuard interface IPs for the VPS."; }; interfaces = lib.mkOption { type = lib.types.attrsOf lib.types.str; + description = "Set of network interface names for all my computers."; default = { server = "enp0s31f6"; miniserver = "enp2s0"; workstation = "enp5s0"; vps = "eth0"; }; - description = "Set of network interface names for all my computers."; }; mainServer = lib.mkOption { type = lib.types.str; @@ -130,6 +130,7 @@ in }; ports = lib.mkOption { type = lib.types.attrsOf lib.types.port; + description = "Common port assignments for local services and firewall rules."; default = { comfyui = 8188; giteaSsh = 22; @@ -147,7 +148,6 @@ in wg = 51820; ssh = 3456; }; - description = "Common port assignments for local services and firewall rules."; }; email = lib.mkOption { type = lib.types.str; 
@@ -168,6 +168,7 @@ in }; toggleUsers = lib.mkOption { type = lib.types.attrsOf (lib.types.either lib.types.str (lib.types.listOf lib.types.str)); + description = "Map toggle categories to users. Can be a single user (string) or multiple users (list). Determines which user(s) get packages from each toggle category."; default = { apps = "jawz"; dev = "jawz"; @@ -176,7 +177,6 @@ in services = "jawz"; stylix = "jawz"; }; - description = "Map toggle categories to users. Can be a single user (string) or multiple users (list). Determines which user(s) get packages from each toggle category."; example = { apps = "jawz"; dev = "bearded_dragonn"; diff --git a/modules/nix/build.nix b/modules/nix/build.nix index 079ae01..8a70bb3 100644 --- a/modules/nix/build.nix +++ b/modules/nix/build.nix @@ -30,8 +30,8 @@ description = "Maximum number of parallel jobs (null = auto-detect)"; }; }; - config = { - nix.settings = lib.mkMerge [ + config.nix = { + settings = lib.mkMerge [ { system-features = config.my.nix.features; } @@ -42,6 +42,6 @@ max-jobs = config.my.nix.maxJobs; }) ]; - nix.buildMachines = lib.mkIf (config.my.nix.buildMachines != [ ]) config.my.nix.buildMachines; + buildMachines = lib.mkIf (config.my.nix.buildMachines != [ ]) config.my.nix.buildMachines; }; } diff --git a/modules/scripts/download/home.nix b/modules/scripts/download/home.nix index 48e4d94..a97fc8e 100644 --- a/modules/scripts/download/home.nix +++ b/modules/scripts/download/home.nix @@ -12,8 +12,8 @@ let inputs.self.lib.hmOnlyUser config osConfig "jawz" && (osConfig.my.units.download.enable || osConfig.my.units.downloadManga.enable); download = import ./common.nix { - config = if osConfig == null then { } else osConfig; inherit inputs lib pkgs; + config = if osConfig == null then { } else osConfig; }; in { diff --git a/modules/servers/drpp.nix b/modules/servers/drpp.nix index d4e3ea1..89c949f 100644 --- a/modules/servers/drpp.nix +++ b/modules/servers/drpp.nix 
@@ -11,13 +11,13 @@ in options.my.servers.drpp = setup.mkOptions "drpp" "drpp" 0; config.virtualisation.oci-containers.containers.drpp = lib.mkIf cfg.enable { image = "ghcr.io/phin05/discord-rich-presence-plex:latest"; - environment = { - DRPP_UID = toString config.users.users.jawz.uid; - DRPP_GID = toString config.users.groups.users.gid; - }; volumes = [ "${config.my.containerData}/drpp:/app/data" "/run/user/${toString config.users.users.jawz.uid}:/run/app" ]; + environment = { + DRPP_UID = toString config.users.users.jawz.uid; + DRPP_GID = toString config.users.groups.users.gid; + }; }; } diff --git a/modules/servers/flame.nix b/modules/servers/flame.nix index 868fa0d..98ea152 100644 --- a/modules/servers/flame.nix +++ b/modules/servers/flame.nix @@ -15,9 +15,7 @@ in flameSecret = setup.mkOptions "flameSecret" "qampqwn4wprhqny8h8zj" 5007; }; config = lib.mkIf enable { - sops.secrets = { - flame.sopsFile = ../../secrets/env.yaml; - }; + sops.secrets.flame.sopsFile = ../../secrets/env.yaml; virtualisation.oci-containers.containers = lib.mkIf enable { flame = lib.mkIf cfg.enable { autoStart = true; diff --git a/modules/servers/gitea.nix b/modules/servers/gitea.nix index 244601f..9e992b5 100644 --- a/modules/servers/gitea.nix +++ b/modules/servers/gitea.nix @@ -9,11 +9,11 @@ let cfg = config.my.servers.gitea; in { + options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083; imports = [ ../nix/gitea-actions-runners/nixos.nix ../nix/gitea-actions-runners/docker.nix ]; - options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083; config = lib.mkIf (cfg.enable && config.my.secureHost) { sops.secrets.gitea.sopsFile = ../../secrets/env.yaml; users.groups.gitea.gid = 974; diff --git a/modules/servers/homepage/service-widgets.nix b/modules/servers/homepage/service-widgets.nix index 754b2d5..05e2a25 100644 --- a/modules/servers/homepage/service-widgets.nix +++ b/modules/servers/homepage/service-widgets.nix 
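Review bot: The `drpp` container's `volumes` list binds the whole of `/run/user/<jawz uid>` to `/run/app`, which gives a third-party image access to every socket in that user's runtime directory, not only the one the tool presumably needs for Discord IPC. If only the `discord-ipc-*` socket is required (not visible from this hunk), narrow the bind to a dedicated directory that holds just that socket. Otherwise, put a comment above the entry saying why the full directory is mounted and that it exposes the user's other session sockets to the container.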
@@ -154,8 +154,8 @@ icon = "${name}.png"; href = url; widget = { - type = name; inherit url; + type = name; username = "{{HOMEPAGE_VAR_QBIT_USERNAME}}"; password = "{{HOMEPAGE_VAR_QBIT_PASSWORD}}"; }; @@ -169,8 +169,8 @@ icon = "${name}.png"; href = url; widget = { - type = name; inherit url; + type = name; key = "{{HOMEPAGE_VAR_SABNZBD}}"; }; }; @@ -231,9 +231,9 @@ icon = "paperless.png"; href = url; widget = { + inherit url; type = name; key = "{{HOMEPAGE_VAR_PAPERLESS}}"; - inherit url; fields = [ "total" "inbox" @@ -262,9 +262,9 @@ icon = "${name}.png"; href = url; widget = { + inherit url; type = name; key = "{{HOMEPAGE_VAR_STASH}}"; - inherit url; fields = [ "scenes" "images" diff --git a/modules/servers/homepage/widgets.nix b/modules/servers/homepage/widgets.nix index 9694188..aa6ed0e 100644 --- a/modules/servers/homepage/widgets.nix +++ b/modules/servers/homepage/widgets.nix @@ -22,14 +22,12 @@ { openweathermap = { label = "Apodaca"; + format.maximumFractionDigits = 1; latitude = 25.760339; longitude = -100.2190662; units = "metric"; provider = "openweathermap"; cache = 5; - format = { - maximumFractionDigits = 1; - }; }; } ] diff --git a/modules/servers/jellyfin.nix b/modules/servers/jellyfin.nix index f85c0aa..daaad7b 100644 --- a/modules/servers/jellyfin.nix +++ b/modules/servers/jellyfin.nix @@ -54,11 +54,9 @@ in }; timers.sub-sync = { enable = true; + timerConfig.OnCalendar = "20:00"; description = "syncronizes subtitles downloaded & modified today"; wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "20:00"; - }; }; }; }) diff --git a/modules/servers/lidarr.nix b/modules/servers/lidarr.nix index 5c6c869..d8ef917 100644 --- a/modules/servers/lidarr.nix +++ b/modules/servers/lidarr.nix 
@@ -13,11 +13,6 @@ in autoStart = true; image = "linuxserver/lidarr:latest"; ports = [ "${toString cfg.port}:${toString cfg.port}" ]; - environment = { - TZ = config.my.timeZone; - PUID = toString config.users.users.jawz.uid; - PGID = toString config.users.groups.piracy.gid; - }; volumes = [ "/srv/pool/multimedia:/data" "/srv/pool/multimedia/media/Music:/music" @@ -31,5 +26,10 @@ in extraOptions = [ "--network=host" ]; + environment = { + TZ = config.my.timeZone; + PUID = toString config.users.users.jawz.uid; + PGID = toString config.users.groups.piracy.gid; + }; }; } diff --git a/modules/servers/maloja.nix b/modules/servers/maloja.nix index 74deaf7..c3cbd88 100644 --- a/modules/servers/maloja.nix +++ b/modules/servers/maloja.nix @@ -15,6 +15,7 @@ in image = "krateng/maloja:latest"; ports = [ "${toString cfg.port}:${toString cfg.port}" ]; environmentFiles = [ config.sops.secrets.maloja.path ]; + volumes = [ "${config.my.containerData}/maloja:/mljdata" ]; environment = { TZ = config.my.timeZone; MALOJA_TIMEZONE = "-6"; @@ -23,7 +24,6 @@ in MALOJA_DATA_DIRECTORY = "/mljdata"; MALOJA_SKIP_SETUP = "true"; }; - volumes = [ "${config.my.containerData}/maloja:/mljdata" ]; }; }; } diff --git a/modules/servers/multi-scrobbler.nix b/modules/servers/multi-scrobbler.nix index 0eae099..eb63260 100644 --- a/modules/servers/multi-scrobbler.nix +++ b/modules/servers/multi-scrobbler.nix @@ -15,6 +15,7 @@ in image = "foxxmd/multi-scrobbler:latest"; ports = [ "${toString cfg.port}:${toString cfg.port}" ]; environmentFiles = [ config.sops.secrets.multi-scrobbler.path ]; + volumes = [ "${config.my.containerData}/multi-scrobbler:/config" ]; environment = { TZ = config.my.timeZone; PUID = toString config.users.users.jawz.uid; @@ -25,7 +26,6 @@ in PLEX_URL = "http://192.168.100.15:32400"; WS_ENABLE = "true"; }; - volumes = [ "${config.my.containerData}/multi-scrobbler:/config" ]; }; }; } 
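Review bot: The `lidarr` container is pulled as `linuxserver/lidarr:latest`, so the code that runs with `--network=host` and the media pool mounted changes whenever the tag moves upstream, outside the flake lock. The same applies to the `maloja` and `multi-scrobbler` hunks that follow, to `drpp` in `modules/servers/drpp.nix`, and to `go-vod` and `collabora` in `modules/servers/nextcloud.nix`; `ryot` already pins `v10`. Pinning each image to a version tag or digest, e.g. `image = "linuxserver/lidarr:<version>@sha256:<digest>";` (placeholders), turns every image update into an explicit, reviewable commit. The container definition starts outside the hunk.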
diff --git a/modules/servers/nextcloud.nix b/modules/servers/nextcloud.nix index 9417d84..e0f4de7 100644 --- a/modules/servers/nextcloud.nix +++ b/modules/servers/nextcloud.nix @@ -21,8 +21,8 @@ let version = "12.70"; in { - pname = "Image-ExifTool"; inherit version; + pname = "Image-ExifTool"; src = pkgs.fetchurl { url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz"; hash = "sha256-TLJSJEXMPj870TkExq6uraX8Wl4kmNerrSlX3LQsr/4="; @@ -54,7 +54,9 @@ in "openssl-1.1.1v" ]; users = { - groups.nextcloud = { inherit gid; }; + groups.nextcloud = { + inherit gid; + }; users.nextcloud = { inherit uid; isSystemUser = true; @@ -189,20 +191,24 @@ in go-vod = lib.mkIf config.my.servers.go-vod.enable { autoStart = true; image = "radialapps/go-vod:latest"; + volumes = [ "ncdata:/var/www/html:ro" ]; + extraOptions = [ + "--device=/dev/dri" # VA-API (omit for NVENC) + ]; environment = { TZ = config.my.timeZone; NEXTCLOUD_HOST = "https://${config.services.nextcloud.hostName}"; NVIDIA_VISIBLE_DEVICES = "all"; }; - volumes = [ "ncdata:/var/www/html:ro" ]; - extraOptions = [ - "--device=/dev/dri" # VA-API (omit for NVENC) - ]; }; collabora = lib.mkIf cfgC.enable { autoStart = true; image = "collabora/code:latest"; ports = [ "${toString cfgC.port}:${toString cfgC.port}" ]; + extraOptions = [ + "--cap-add" + "MKNOD" + ]; environment = { TZ = config.my.timeZone; domain = cfg.host; @@ -219,10 +225,6 @@ in DONT_GEN_SSL_CERT = "1"; SLEEPFORDEBUGGER = "0"; }; - extraOptions = [ - "--cap-add" - "MKNOD" - ]; }; }; systemd = lib.mkIf cfg.enableCron { @@ -248,11 +250,9 @@ in }; timers.nextcloud-cronjob = { enable = true; + timerConfig.OnCalendar = "*:0/10"; description = "Runs various nextcloud-related cronjobs"; wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "*:0/10"; - }; }; }; }) diff --git a/modules/servers/qbittorrent.nix b/modules/servers/qbittorrent.nix index accf79f..be35cfe 100644 --- a/modules/servers/qbittorrent.nix +++ b/modules/servers/qbittorrent.nix 
@@ -99,16 +99,6 @@ in }; user = { services = { - qbit_manage = { - restartIfChanged = true; - description = "Tidy up my torrents"; - wantedBy = [ "default.target" ]; - serviceConfig = { - Type = "oneshot"; - TimeoutStartSec = "5min"; - ExecStart = "${qbit_manageEnv}/bin/python ${qbit_manage}/qbit_manage.py -r -c /home/jawz/.config/qbit_manage/config.yml"; - }; - }; unpackerr = lib.mkIf config.my.servers.unpackerr.enable { enable = true; restartIfChanged = true; @@ -130,6 +120,16 @@ in ExecStart = "${pkgs.unpackerr}/bin/unpackerr"; }; }; + qbit_manage = { + restartIfChanged = true; + description = "Tidy up my torrents"; + wantedBy = [ "default.target" ]; + serviceConfig = { + Type = "oneshot"; + TimeoutStartSec = "5min"; + ExecStart = "${qbit_manageEnv}/bin/python ${qbit_manage}/qbit_manage.py -r -c /home/jawz/.config/qbit_manage/config.yml"; + }; + }; }; timers.qbit_manage = { enable = true; diff --git a/modules/servers/ryot.nix b/modules/servers/ryot.nix index c564a7b..5a63b8c 100644 --- a/modules/servers/ryot.nix +++ b/modules/servers/ryot.nix @@ -15,13 +15,13 @@ in image = "ghcr.io/ignisda/ryot:v10"; ports = [ "${toString cfg.port}:8000" ]; environmentFiles = [ config.sops.secrets.ryot.path ]; + volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ]; environment = { RUST_LOG = "ryot=debug,sea_orm=debug"; TZ = config.my.timeZone; DATABASE_URL = "postgres:///ryot?host=${config.my.postgresSocket}"; FRONTEND_INSECURE_COOKIES = "true"; }; - volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ]; }; }; } diff --git a/modules/servers/synapse.nix b/modules/servers/synapse.nix index 9cfc593..9a49d7b 100644 --- a/modules/servers/synapse.nix +++ b/modules/servers/synapse.nix 
@@ -28,8 +28,12 @@ in config = lib.mkMerge [ (lib.mkIf (cfg.enable && config.my.secureHost) { my.servers = { - synapse = { inherit domain; }; - element = { inherit domain; }; + synapse = { + inherit domain; + }; + element = { + inherit domain; + }; }; users.groups.matrix-synapse = { inherit gid; }; users.users.matrix-synapse = { diff --git a/modules/servers/synctube.nix b/modules/servers/synctube.nix index f238cac..cded7fe 100644 --- a/modules/servers/synctube.nix +++ b/modules/servers/synctube.nix @@ -17,8 +17,8 @@ let version ? "git", }: pkgs.stdenvNoCC.mkDerivation { - name = "${libname}-${version}"; inherit src; + name = "${libname}-${version}"; installPhase = '' runHook preInstall mkdir -p "$out/lib/haxe/${withCommas libname}/${withCommas version}" diff --git a/modules/servers/yamtrack.nix b/modules/servers/yamtrack.nix index 3aebdd2..79da24f 100644 --- a/modules/servers/yamtrack.nix +++ b/modules/servers/yamtrack.nix @@ -18,6 +18,7 @@ in ports = [ "${toString cfg.port}:8000" ]; dependsOn = [ "yamtrack-redis" ]; environmentFiles = [ config.sops.secrets.yamtrack.path ]; + volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ]; environment = { TZ = config.my.timeZone; URLS = cfg.url; @@ -31,7 +32,6 @@ in REDIS_URL = "redis://yamtrack-redis:6379/0"; SOCIAL_PROVIDERS = "allauth.socialaccount.providers.openid_connect"; }; - volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ]; }; }; }; diff --git a/modules/services/network.nix b/modules/services/network.nix index 2410fec..8559616 100644 --- a/modules/services/network.nix +++ b/modules/services/network.nix 
@@ -38,18 +38,6 @@ in "${config.my.localhost6}:53" ] ++ lib.optionals config.my.services.wireguard.enable wgListenAddrs; - query_log = { - file = "/var/lib/dnscrypt-proxy/query.log"; - format = "tsv"; - }; - sources.public-resolvers = { - urls = [ - "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md" - "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md" - ]; - cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md"; - minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"; - }; server_names = [ "adfilter-adl" "adfilter-adl-ipv6" @@ -65,6 +53,18 @@ in "quad9-dnscrypt-ip6-filter-pri" "ibksturm" ]; + query_log = { + file = "/var/lib/dnscrypt-proxy/query.log"; + format = "tsv"; + }; + sources.public-resolvers = { + urls = [ + "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md" + "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md" + ]; + cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md"; + minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"; + }; }; }; }; diff --git a/modules/services/nvidia.nix b/modules/services/nvidia.nix index 93caf5b..14bbe32 100644 --- a/modules/services/nvidia.nix +++ b/modules/services/nvidia.nix @@ -29,8 +29,10 @@ open = config.networking.hostName == "workstation"; package = config.boot.kernelPackages.nvidiaPackages.stable; modesetting.enable = true; - powerManagement.enable = true; - powerManagement.finegrained = false; + powerManagement = { + enable = true; + finegrained = false; + }; }; }; }; diff --git a/modules/services/sound.nix b/modules/services/sound.nix index a391b93..f4ebe30 100644 --- a/modules/services/sound.nix +++ b/modules/services/sound.nix 
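Review bot: `query_log.file` points at `/var/lib/dnscrypt-proxy/query.log` while `sources.public-resolvers.cache_file` points at `/var/lib/dnscrypt-proxy2/public-resolvers.md`, so one of the two is probably outside the service's state directory. Depending on which directory the module in use creates, either the query log or the resolver-list cache would fail to be written. Both paths should share one directory, e.g. `cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";` if the unit's state directory is `dnscrypt-proxy`. The query log also records every lookup made through this resolver, so a short comment on its purpose and retention would be worth adding. The settings block starts outside the hunk.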
@@ -11,10 +11,12 @@ security.rtkit.enable = true; # make pipewire realtime-capable services.pipewire = { enable = true; - alsa.enable = true; - alsa.support32Bit = true; pulse.enable = true; wireplumber.enable = true; + alsa = { + enable = true; + support32Bit = true; + }; # lowLatency = { # enable = true; # quantum = 64; diff --git a/modules/services/syncthing.nix b/modules/services/syncthing.nix index 8d85389..5cc8dc3 100644 --- a/modules/services/syncthing.nix +++ b/modules/services/syncthing.nix @@ -49,10 +49,6 @@ in relaysEnabled = false; globalAnnounceEnabled = false; }; - gui = { - user = "jawz"; - password = config.sops.secrets.syncthing_password.path; - }; devices = let mkWgDevice = name: id: { @@ -75,6 +71,10 @@ in wg-friend4 = mkWgDevice "wg-friend4" "7YPUQ4Y-2UVEAXI-KBQVU7R-B6R5O36-GDQPTOY-3R3OG7H-BVWVOTD-EX52VQM"; wg-friend6 = mkWgDevice "wg-friend6" "STQGYJV-YNFX6PB-NK63JBV-7HS74L4-AMF2QWA-KAFLXZA-3FELLSB-TE65ZQI"; }; + gui = { + user = "jawz"; + password = config.sops.secrets.syncthing_password.path; + }; folders = { cache = mkMobile "~/Downloads/cache/"; friends = mkMobile "~/Pictures/Artist/friends/"; diff --git a/modules/websites/lidarr-mb-report.nix b/modules/websites/lidarr-mb-report.nix index 637fa75..f4b8dbe 100644 --- a/modules/websites/lidarr-mb-report.nix +++ b/modules/websites/lidarr-mb-report.nix @@ -11,9 +11,7 @@ let ''; in { - options.my.websites.lidarrMbReport = { - enableProxy = lib.mkEnableOption "lidarr mb report static site"; - }; + options.my.websites.lidarrMbReport.enableProxy = lib.mkEnableOption "lidarr mb report static site"; config = lib.mkIf (cfg.enableProxy && config.my.enableProxy) { services.nginx.virtualHosts."mb-report.lebubu.org" = { forceSSL = true; diff --git a/modules/websites/portfolio.nix b/modules/websites/portfolio.nix index 222fe7b..dc4271f 100644 --- a/modules/websites/portfolio.nix +++ b/modules/websites/portfolio.nix 
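Review bot: `password = config.sops.secrets.syncthing_password.path;` in the `gui` block re-added by the second syncthing.nix hunk evaluates to the path of the secret file, not its contents. Unless something outside this hunk reads the file, the GUI password becomes the predictable path string itself. A sops secret cannot be read at evaluation time without landing in the world-readable store, so the value has to be injected at service start. Recent nixpkgs revisions offer `services.syncthing.guiPasswordFile` for this (confirm it exists in the pinned revision), e.g. `guiPasswordFile = config.sops.secrets.syncthing_password.path;`. The enclosing attribute set starts outside the hunk, so that this is `services.syncthing.settings.gui` is inferred.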
@@ -57,9 +57,7 @@ let }; in { - options.my.websites.portfolio = { - enableProxy = lib.mkEnableOption "portfolio and blog static sites"; - }; + options.my.websites.portfolio.enableProxy = lib.mkEnableOption "portfolio and blog static sites"; config = lib.mkIf (cfg.enableProxy && config.my.enableProxy) { services.nginx.virtualHosts = { "www.danilo-reyes.com" = { diff --git a/parts/core.nix b/parts/core.nix index f6ed3d7..2d6a4dc 100644 --- a/parts/core.nix +++ b/parts/core.nix @@ -259,15 +259,15 @@ in mkEnabledIp = ip: name: { inherit name; value = { - enable = true; inherit ip; + enable = true; }; }; mkEnabledProxyIp = ip: name: { inherit name; value = { - enableProxy = true; inherit ip; + enableProxy = true; }; }; enableList = func: list: list |> map func |> builtins.listToAttrs; diff --git a/parts/hosts.nix b/parts/hosts.nix index ac69e08..e9d848c 100644 --- a/parts/hosts.nix +++ b/parts/hosts.nix @@ -1,6 +1,10 @@ { inputs, ... }: { flake = { + homeConfigurations.mac = inputs.self.lib.createHomeConfig { + name = "mac"; + system = "aarch64-darwin"; + }; nixosConfigurations = { workstation = inputs.self.lib.createConfig "workstation" inputs.nixpkgs; miniserver = inputs.self.lib.createConfig "miniserver" inputs.nixpkgs-small; @@ -9,9 +13,5 @@ emacs = inputs.self.lib.createConfig "emacs" inputs.nixpkgs; vps = inputs.self.lib.createConfig "vps" inputs.nixpkgs-small; }; - homeConfigurations.mac = inputs.self.lib.createHomeConfig { - name = "mac"; - system = "aarch64-darwin"; - }; }; } diff --git a/parts/packages.nix b/parts/packages.nix index 9c9b2ec..8d27146 100644 --- a/parts/packages.nix +++ b/parts/packages.nix @@ -34,8 +34,10 @@ ( { lib, ... }: { - my.secureHost = lib.mkForce false; - my.build.baseImage = true; + my = { + secureHost = lib.mkForce false; + build.baseImage = true; + }; } ) ];
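Review bot: `secureHost = lib.mkForce false;` in the parts/packages.nix hunk switches off a security-relevant toggle at `mkForce` priority, overriding any ordinary host-level definition, and carries no comment saying why. Other modules on this page gate on the flag (`cfg.enable && config.my.secureHost`), so presumably it is disabled to keep secret-dependent services out of the base image. A line such as `# base image is built without host secrets; secureHost-gated modules must stay off here` would record that and discourage reusing this module for a real host. The surrounding module list starts outside the hunk.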